Download
GitHound is a reconnaissance and security scanning tool designed to search GitHub for exposed secrets such as API keys, credentials, and other sensitive tokens. It works by combining GitHub search queries (often called “GitHub dorks”) with pattern matching techniques to locate potential secrets across public repositories. Instead of scanning only a limited set of repositories, the tool leverages GitHub’s Code Search API to analyze results from across the entire public GitHub ecosystem, including repositories and Gists. GitHound examines files returned by search queries and applies detection methods such as regex pattern matching, entropy analysis, and contextual evaluation to identify likely credentials. It can also dig into commit history to uncover secrets that may have been removed or reverted but still exist in older revisions. This capability makes it useful for security researchers, DevSecOps teams, and bug bounty hunters who need to detect leaked credentials.
Features
- Global GitHub scanning using GitHub Code Search to locate secrets across public repositories and Gists
- Pattern-based detection using regex rules combined with entropy and contextual analysis
- Commit history analysis to discover credentials that were deleted or reverted in past commits
- Support for GitHub search queries (GitHub dorks) to target specific patterns or services
- Custom regex rules and automation-friendly JSON output for integration with scripts and pipelines
- Decoding capabilities such as Base64 extraction to identify encoded secrets during scans
Project Samples
